Page 8 of 51 results (0.005 seconds)

CVSS: 6.8EPSS: 4%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. Múltiples vulnerabilidades en secuencias de comandos en sitios cruzados (XSS) en Serendipity (s9y) 1.0.1 y anteriores, permite a atacantes remotos la inyección de secuencias de comandos Web o HTML de su elección, a través de vectores no especificados en la página del administrador del gestor de media. • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html http://secunia.com/advisories/22501 http://securityreason.com/securityalert/1771 http://securitytracker.com/id?1017100 http://www.hardened-php.net/advisory_112006.136.html http://www.osvdb.org/29893 http://www.s9y.org/forums/viewtopic.php?t=7356 http://www.securityfocus.com/archive/1/449189/100/0/threaded http://www.securityfocus.com/bid/20627 http://www.vupen.com/english/advisories/2006/4135 https:/&#x •

CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. • http://secunia.com/advisories/20155 http://sourceforge.net/project/shownotes.php?release_id=414920&group_id=75065 http://www.vupen.com/english/advisories/2006/1855 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html http://www.securityfocus.com/bid/17566 •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html http://marc.info/?l=bugtraq&m=112801570631203&w=2 http://secunia.com/advisories/17011 https://exchange.xforce.ibmcloud.com/vulnerabilities/22456 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files. • http://secunia.com/advisories/15405 http://sourceforge.net/project/shownotes.php?release_id=328092 http://www.osvdb.org/16659 •